
Still trying to sort annoying problem out, please help


  • This topic is locked
61 replies to this topic

#1 Madforit


Posted 19 October 2014 - 12:27 PM

I have done everything I was asked in two other forums on this site and they have sent me here as they did not find anything wrong. Below is a link to my last topic so that you can see what was done, and I have also attached a DDS log as requested in my last reply from the forum.

 

 

Here is the link :- http://www.bleepingcomputer.com/forums/t/550869/helpi-need-to-find-and-remove-an-annoying-problem/

 

and here is the DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Steve at 18:20:54 on 2014-10-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.3070.1508 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\WinService.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-System: DisableStartupSound = dword:1
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1513E6FA-7394-4D2A-AA50-C23F0634E982} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6BC596E4-ECAC-4F43-9F5C-26CA23E51220} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6BC596E4-ECAC-4F43-9F5C-26CA23E51220}\35475667F6723702E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9F998F10-1B45-42DC-97B3-8DCB3B985DD7} : DHCPNameServer = 8.8.8.8 8.8.4.4
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Steve\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-12-7 25312]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-11 279616]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-1-4 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2014-3-5 98304]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2014-3-5 3735552]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [2009-8-31 1821184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-1-7 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-8 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-8 860472]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2011-12-7 186848]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-8-3 741640]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-7 5093216]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-1-4 167936]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-9-15 46136]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-1-4 1924096]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-8 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-8 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-8 63704]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-8-3 110336]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2012-12-18 7808]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2013-5-10 53312]
S3 PSSDKLBF;PSSDKLBF;C:\Windows\System32\drivers\pssdklbf.sys [2013-5-10 65600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-9 19456]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2011-12-7 450048]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-8-16 155824]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-8-3 206080]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-9 57856]
S3 vvftav302;vvftav302;C:\Windows\System32\drivers\vvftav302.sys [2007-3-18 301824]
S4 Golf Server;Golf Server;C:\Golf\Server\golf_srv.exe [1999-1-5 232448]
S4 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-1-4 954368]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-15 17:35:32 -------- d-----w- C:\FRST
2014-10-15 12:25:48 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2014-10-08 20:21:14 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2014-10-08 20:21:14 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-10-08 20:17:00 0 ----a-w- C:\Windows\SysWow64\RENBD93.tmp
2014-10-08 20:17:00 0 ----a-w- C:\Windows\SysWow64\RENBD92.tmp
2014-10-08 20:17:00 0 ----a-w- C:\Windows\SysWow64\RENBD91.tmp
2014-10-06 13:54:57 -------- d-----w- C:\Windows\ERUNT
2014-10-06 13:47:37 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-06 13:46:12 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-10-19 17:17:02 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-29 11:24:32 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2009-12-06 17:18:14 26624 --sh--w- C:\Windows\bfcs2.dll
2013-10-08 21:23:56 143208 --sh--w- C:\Windows\hcsd.exe
.
============= FINISH: 18:22:26.50 ===============
 
I hope you can help me as this problem is driving me crazy now. The sound is happening more than before at the moment, but sometimes it hardly ever happens.
I apologise for not explaining the whole story again but it is all there in the link that I have sent to you.
 



 


#2 Madforit


Posted 21 October 2014 - 07:02 AM

Anyone got any ideas how I can fix this annoying problem?

 



#3 LiquidTension

  • Malware Response Team

Posted 23 October 2014 - 02:57 PM

Hello Madforit, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)


#4 Madforit


Posted 23 October 2014 - 06:44 PM

14:01:03.0259 0700 TDSS rootkit removing tool 2.6.6.0 Oct  7 2011 12:45:24
14:01:03.0459 0700 ============================================================
14:01:03.0460 0700 Current date / time: 2011/10/09 14:01:03.0459
14:01:03.0460 0700 SystemInfo:
14:01:03.0460 0700
14:01:03.0460 0700 OS Version: 6.1.7601 ServicePack: 1.0
14:01:03.0460 0700 Product type: Workstation
14:01:03.0460 0700 ComputerName: STEVE-PC
14:01:03.0461 0700 UserName: Steve
14:01:03.0461 0700 Windows directory: C:\Windows
14:01:03.0461 0700 System windows directory: C:\Windows
14:01:03.0461 0700 Running under WOW64
14:01:03.0461 0700 Processor architecture: Intel x64
14:01:03.0461 0700 Number of processors: 4
14:01:03.0461 0700 Page size: 0x1000
14:01:03.0461 0700 Boot type: Normal boot
14:01:03.0461 0700 ============================================================
14:01:04.0771 0700 Initialize success
14:01:23.0837 2320 ============================================================
14:01:23.0837 2320 Scan started
14:01:23.0837 2320 Mode: Manual; 
14:01:23.0837 2320 ============================================================
14:01:32.0506 2320 KSecDD - ok
14:01:32.0534 2320 KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:01:32.0538 2320 KSecPkg - ok
14:01:32.0583 2320 ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:01:32.0585 2320 ksthunk - ok
14:01:32.0698 2320 lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
14:01:32.0699 2320 lirsgt - ok
14:01:32.0768 2320 lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:01:32.0770 2320 lltdio - ok
14:01:32.0894 2320 LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:01:32.0897 2320 LSI_FC - ok
14:01:32.0916 2320 LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:01:32.0920 2320 LSI_SAS - ok
14:01:32.0945 2320 LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:01:32.0947 2320 LSI_SAS2 - ok
14:01:33.0044 2320 LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:01:33.0047 2320 LSI_SCSI - ok
14:01:33.0097 2320 luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:01:33.0099 2320 luafv - ok
14:01:33.0210 2320 lvpopf64        (ce6e5146039d248feb991fbc9e2b6a7b) C:\Windows\system32\DRIVERS\lvpopf64.sys
14:01:33.0230 2320 lvpopf64 - ok
14:01:33.0322 2320 LVUSBS64        (6d5ea90f86f9b28cd44af6ba9be03bf9) C:\Windows\system32\drivers\LVUSBS64.sys
14:01:33.0324 2320 LVUSBS64 - ok
14:01:33.0470 2320 LVUVC64         (eb12688842ede30c843a123fa6855858) C:\Windows\system32\DRIVERS\lvuvc64.sys
14:01:33.0528 2320 LVUVC64 - ok
14:01:33.0606 2320 megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:01:33.0608 2320 megasas - ok
14:01:33.0663 2320 MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:01:33.0669 2320 MegaSR - ok
14:01:33.0724 2320 Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:01:33.0726 2320 Modem - ok
14:01:33.0785 2320 monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:01:33.0787 2320 monitor - ok
14:01:33.0861 2320 mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:01:33.0863 2320 mouclass - ok
14:01:33.0928 2320 mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:01:33.0930 2320 mouhid - ok
14:01:33.0968 2320 mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:01:33.0970 2320 mountmgr - ok
14:01:34.0021 2320 mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:01:34.0026 2320 mpio - ok
14:01:34.0073 2320 mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:01:34.0076 2320 mpsdrv - ok
14:01:34.0128 2320 MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:01:34.0132 2320 MRxDAV - ok
14:01:34.0175 2320 mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:34.0179 2320 mrxsmb - ok
14:01:34.0241 2320 mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:34.0245 2320 mrxsmb10 - ok
14:01:34.0273 2320 mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:34.0276 2320 mrxsmb20 - ok
14:01:34.0312 2320 msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:01:34.0314 2320 msahci - ok
14:01:34.0374 2320 msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:01:34.0378 2320 msdsm - ok
14:01:34.0457 2320 Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:01:34.0458 2320 Msfs - ok
14:01:34.0509 2320 mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:01:34.0510 2320 mshidkmdf - ok
14:01:34.0536 2320 msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:01:34.0537 2320 msisadrv - ok
14:01:34.0622 2320 MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:01:34.0624 2320 MSKSSRV - ok
14:01:34.0676 2320 MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:34.0678 2320 MSPCLOCK - ok
14:01:34.0742 2320 MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:01:34.0743 2320 MSPQM - ok
14:01:34.0821 2320 MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:01:34.0829 2320 MsRPC - ok
14:01:34.0907 2320 mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:01:34.0909 2320 mssmbios - ok
14:01:34.0965 2320 MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:01:34.0966 2320 MSTEE - ok
14:01:35.0007 2320 MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:01:35.0009 2320 MTConfig - ok
14:01:35.0057 2320 Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:01:35.0059 2320 Mup - ok
14:01:35.0134 2320 NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:01:35.0141 2320 NativeWifiP - ok
14:01:35.0253 2320 NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:01:35.0269 2320 NDIS - ok
14:01:35.0317 2320 NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:35.0319 2320 NdisCap - ok
14:01:35.0384 2320 NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:35.0386 2320 NdisTapi - ok
14:01:35.0451 2320 Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:35.0453 2320 Ndisuio - ok
14:01:35.0515 2320 NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:35.0519 2320 NdisWan - ok
14:01:35.0593 2320 NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:01:35.0595 2320 NDProxy - ok
14:01:35.0675 2320 NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:01:35.0676 2320 NetBIOS - ok
14:01:35.0720 2320 NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:01:35.0725 2320 NetBT - ok
14:01:35.0837 2320 nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:01:35.0840 2320 nfrd960 - ok
14:01:35.0886 2320 Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:01:35.0888 2320 Npfs - ok
14:01:35.0922 2320 NPPTNT2 - ok
14:01:35.0960 2320 nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:01:35.0962 2320 nsiproxy - ok
14:01:36.0037 2320 Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:01:36.0058 2320 Ntfs - ok
14:01:36.0097 2320 Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:01:36.0099 2320 Null - ok
14:01:36.0203 2320 NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:01:36.0211 2320 NVENETFD - ok
14:01:36.0538 2320 nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:01:36.0796 2320 nvlddmkm - ok
14:01:36.0880 2320 NVNET           (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
14:01:36.0887 2320 NVNET - ok
14:01:36.0961 2320 nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:01:36.0966 2320 nvraid - ok
14:01:37.0001 2320 nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:01:37.0005 2320 nvstor - ok
14:01:37.0040 2320 nvstor64        (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
14:01:37.0044 2320 nvstor64 - ok
14:01:37.0093 2320 nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:01:37.0097 2320 nv_agp - ok
14:01:37.0163 2320 ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:01:37.0166 2320 ohci1394 - ok
14:01:37.0265 2320 Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:01:37.0268 2320 Parport - ok
14:01:37.0307 2320 partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:01:37.0309 2320 partmgr - ok
14:01:37.0338 2320 pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:01:37.0342 2320 pci - ok
14:01:37.0374 2320 pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:01:37.0375 2320 pciide - ok
14:01:37.0448 2320 pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:01:37.0454 2320 pcmcia - ok
14:01:37.0533 2320 pcouffin        (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
14:01:37.0537 2320 pcouffin - ok
14:01:37.0579 2320 pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:01:37.0581 2320 pcw - ok
14:01:37.0627 2320 PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:01:37.0639 2320 PEAUTH - ok
14:01:37.0815 2320 PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:37.0818 2320 PptpMiniport - ok
14:01:37.0867 2320 Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:01:37.0870 2320 Processor - ok
14:01:37.0945 2320 Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:01:37.0948 2320 Psched - ok
14:01:38.0060 2320 ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:01:38.0086 2320 ql2300 - ok
14:01:38.0166 2320 ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:01:38.0170 2320 ql40xx - ok
14:01:38.0224 2320 QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:01:38.0226 2320 QWAVEdrv - ok
14:01:38.0267 2320 RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:38.0268 2320 RasAcd - ok
14:01:38.0328 2320 RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:38.0330 2320 RasAgileVpn - ok
14:01:38.0376 2320 Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:38.0380 2320 Rasl2tp - ok
14:01:38.0408 2320 RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:38.0411 2320 RasPppoe - ok
14:01:38.0434 2320 RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:38.0436 2320 RasSstp - ok
14:01:38.0492 2320 rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:38.0498 2320 rdbss - ok
14:01:38.0537 2320 rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:01:38.0539 2320 rdpbus - ok
14:01:38.0565 2320 RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:38.0566 2320 RDPCDD - ok
14:01:38.0607 2320 RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:01:38.0612 2320 RDPDR - ok
14:01:38.0676 2320 RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:01:38.0677 2320 RDPENCDD - ok
14:01:38.0710 2320 RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:01:38.0711 2320 RDPREFMP - ok
14:01:38.0842 2320 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:01:38.0844 2320 RdpVideoMiniport - ok
14:01:38.0902 2320 RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:01:38.0907 2320 RDPWD - ok
14:01:38.0966 2320 rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:01:38.0971 2320 rdyboost - ok
14:01:39.0033 2320 rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:01:39.0036 2320 rspndr - ok
14:01:39.0109 2320 RTL8187         (d4af0298e0031aeed81b241ff56e95d1) C:\Windows\system32\DRIVERS\wg111v2.sys
14:01:39.0118 2320 RTL8187 - ok
14:01:39.0187 2320 s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:01:39.0189 2320 s3cap - ok
14:01:39.0272 2320 SASDIFSV        (b2a29cc6c019fe738c39037c6218444c) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:01:39.0273 2320 SASDIFSV - ok
14:01:39.0320 2320 SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:01:39.0321 2320 SASKUTIL - ok
14:01:39.0382 2320 sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:01:39.0384 2320 sbp2port - ok
14:01:39.0476 2320 SCDEmu          (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
14:01:39.0478 2320 SCDEmu - ok
14:01:39.0513 2320 scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:01:39.0515 2320 scfilter - ok
14:01:39.0550 2320 SCMNdisP        (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
14:01:39.0552 2320 SCMNdisP - ok
14:01:39.0630 2320 secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:01:39.0632 2320 secdrv - ok
14:01:39.0751 2320 Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:01:39.0753 2320 Serenum - ok
14:01:39.0805 2320 Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:01:39.0809 2320 Serial - ok
14:01:39.0853 2320 sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:01:39.0855 2320 sermouse - ok
14:01:39.0936 2320 sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:01:39.0938 2320 sffdisk - ok
14:01:39.0988 2320 sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:01:39.0990 2320 sffp_mmc - ok
14:01:40.0035 2320 sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:01:40.0036 2320 sffp_sd - ok
14:01:40.0091 2320 sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:01:40.0093 2320 sfloppy - ok
14:01:40.0172 2320 SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:01:40.0174 2320 SiSRaid2 - ok
14:01:40.0267 2320 SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:01:40.0269 2320 SiSRaid4 - ok
14:01:40.0342 2320 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
14:01:40.0344 2320 SmartDefragDriver - ok
14:01:40.0418 2320 Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:01:40.0421 2320 Smb - ok
14:01:40.0480 2320 spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:01:40.0481 2320 spldr - ok
14:01:40.0564 2320 srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:01:40.0573 2320 srv - ok
14:01:40.0619 2320 srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:01:40.0627 2320 srv2 - ok
14:01:40.0655 2320 srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:01:40.0659 2320 srvnet - ok
14:01:40.0746 2320 ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
14:01:40.0750 2320 ssadbus - ok
14:01:40.0790 2320 ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:01:40.0792 2320 ssadmdfl - ok
14:01:40.0846 2320 ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
14:01:40.0851 2320 ssadmdm - ok
14:01:40.0876 2320 ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
14:01:40.0880 2320 ssadserd - ok
14:01:41.0054 2320 stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:01:41.0056 2320 stexstor - ok
14:01:41.0136 2320 storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:01:41.0138 2320 storflt - ok
14:01:41.0186 2320 storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:01:41.0188 2320 storvsc - ok
14:01:41.0214 2320 swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:01:41.0216 2320 swenum - ok
14:01:41.0284 2320 Synth3dVsc - ok
14:01:41.0383 2320 Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
14:01:41.0402 2320 Tcpip - ok
14:01:41.0507 2320 TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
14:01:41.0521 2320 TCPIP6 - ok
14:01:41.0556 2320 tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:01:41.0557 2320 tcpipreg - ok
14:01:41.0612 2320 TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:01:41.0614 2320 TDPIPE - ok
14:01:41.0662 2320 TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:01:41.0664 2320 TDTCP - ok
14:01:41.0712 2320 tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:01:41.0715 2320 tdx - ok
14:01:41.0799 2320 TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:01:41.0802 2320 TermDD - ok
14:01:41.0892 2320 tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:41.0894 2320 tssecsrv - ok
14:01:41.0942 2320 TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:01:41.0945 2320 TsUsbFlt - ok
14:01:41.0976 2320 tsusbhub - ok
14:01:42.0064 2320 tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:01:42.0067 2320 tunnel - ok
14:01:42.0113 2320 uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:01:42.0116 2320 uagp35 - ok
14:01:42.0188 2320 udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:01:42.0194 2320 udfs - ok
14:01:42.0255 2320 uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:01:42.0258 2320 uliagpkx - ok
14:01:42.0294 2320 umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:01:42.0295 2320 umbus - ok
14:01:42.0327 2320 UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:01:42.0328 2320 UmPass - ok
14:01:42.0393 2320 usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:01:42.0396 2320 usbaudio - ok
14:01:42.0419 2320 usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:42.0423 2320 usbccgp - ok
14:01:42.0530 2320 usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:01:42.0533 2320 usbcir - ok
14:01:42.0560 2320 usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:01:42.0562 2320 usbehci - ok
14:01:42.0601 2320 usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:01:42.0608 2320 usbhub - ok
14:01:42.0627 2320 usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:01:42.0629 2320 usbohci - ok
14:01:42.0717 2320 usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:01:42.0719 2320 usbprint - ok
14:01:42.0761 2320 USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:42.0763 2320 USBSTOR - ok
14:01:42.0801 2320 usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:01:42.0803 2320 usbuhci - ok
14:01:42.0875 2320 usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
14:01:42.0876 2320 usb_rndisx - ok
14:01:42.0957 2320 vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:01:42.0959 2320 vdrvroot - ok
14:01:42.0991 2320 vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:42.0993 2320 vga - ok
14:01:43.0027 2320 VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:01:43.0029 2320 VgaSave - ok
14:01:43.0050 2320 VGPU - ok
14:01:43.0170 2320 vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:01:43.0176 2320 vhdmp - ok
14:01:43.0208 2320 viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:01:43.0209 2320 viaide - ok
14:01:43.0248 2320 vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:01:43.0253 2320 vmbus - ok
14:01:43.0289 2320 VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:01:43.0291 2320 VMBusHID - ok
14:01:43.0323 2320 volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:01:43.0325 2320 volmgr - ok
14:01:43.0359 2320 volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:01:43.0366 2320 volmgrx - ok
14:01:43.0408 2320 volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:01:43.0415 2320 volsnap - ok
14:01:43.0518 2320 vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:01:43.0522 2320 vsmraid - ok
14:01:43.0558 2320 vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:01:43.0560 2320 vwifibus - ok
14:01:43.0608 2320 vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:01:43.0610 2320 vwififlt - ok
14:01:43.0647 2320 WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:01:43.0649 2320 WacomPen - ok
14:01:43.0710 2320 WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:43.0713 2320 WANARP - ok
14:01:43.0721 2320 Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:43.0723 2320 Wanarpv6 - ok
14:01:43.0819 2320 Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:01:43.0821 2320 Wd - ok
14:01:43.0903 2320 Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:01:43.0915 2320 Wdf01000 - ok
14:01:44.0010 2320 WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:44.0011 2320 WfpLwf - ok
14:01:44.0047 2320 WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:01:44.0048 2320 WIMMount - ok
14:01:44.0178 2320 WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:44.0180 2320 WinUsb - ok
14:01:44.0267 2320 WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:01:44.0269 2320 WmiAcpi - ok
14:01:44.0335 2320 ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:01:44.0337 2320 ws2ifsl - ok
14:01:44.0389 2320 WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:01:44.0392 2320 WudfPf - ok
14:01:44.0454 2320 WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:44.0458 2320 WUDFRd - ok
14:01:44.0500 2320 MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:01:44.0849 2320 \Device\Harddisk0\DR0 - ok
14:01:44.0856 2320 Boot (0x1200)   (4628619f355d5c3aed6bd64b203f9bc8) \Device\Harddisk0\DR0\Partition0
14:01:44.0857 2320 \Device\Harddisk0\DR0\Partition0 - ok
14:01:44.0893 2320 Boot (0x1200)   (4f69dd842f61f4bba2a1800d6d07b4c1) \Device\Harddisk0\DR0\Partition1
14:01:44.0894 2320 \Device\Harddisk0\DR0\Partition1 - ok
14:01:44.0921 2320 Boot (0x1200)   (9df5738c04e7acfc12eaf4e370c9c48f) \Device\Harddisk0\DR0\Partition2
14:01:44.0922 2320 \Device\Harddisk0\DR0\Partition2 - ok
14:01:44.0945 2320 Boot (0x1200)   (ba4a60e17645bd076e423d0f8508b916) \Device\Harddisk0\DR0\Partition3
14:01:44.0946 2320 \Device\Harddisk0\DR0\Partition3 - ok
14:01:44.0947 2320 ============================================================
14:01:44.0947 2320 Scan finished
14:01:44.0947 2320 ============================================================
14:01:44.0966 2444 Detected object count: 0
14:01:44.0967 2444 Actual detected object count: 0
14:01:54.0683 3872 ============================================================
14:01:54.0683 3872 Scan started
14:01:54.0683 3872 Mode: Manual; SigCheck; TDLFS; 
14:01:54.0683 3872 ============================================================
14:01:59.0466 3872 Compbatt - ok
14:01:59.0486 3872 CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:01:59.0514 3872 CompositeBus - ok
14:01:59.0583 3872 crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:01:59.0602 3872 crcdisk - ok
14:01:59.0662 3872 CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:01:59.0729 3872 CSC - ok
14:01:59.0797 3872 DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:01:59.0845 3872 DfsC - ok
14:01:59.0883 3872 discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:01:59.0935 3872 discache - ok
14:02:00.0002 3872 Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:02:00.0019 3872 Disk - ok
14:02:00.0079 3872 drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:02:00.0128 3872 drmkaud - ok
14:02:00.0163 3872 dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:02:00.0177 3872 dtsoftbus01 - ok
14:02:00.0194 3872 dump_wmimmc - ok
14:02:00.0240 3872 DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:02:00.0270 3872 DXGKrnl - ok
14:02:00.0350 3872 E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:02:00.0395 3872 E1G60 - ok
14:02:00.0500 3872 ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:02:00.0561 3872 ebdrv - ok
14:02:00.0597 3872 elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:02:00.0617 3872 elxstor - ok
14:02:00.0663 3872 epmntdrv        (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
14:02:00.0700 3872 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
14:02:00.0700 3872 epmntdrv - detected UnsignedFile.Multi.Generic (1)
14:02:00.0850 3872 EuGdiDrv        (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
14:02:00.0878 3872 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
14:02:00.0878 3872 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
14:02:17.0838 3872 MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:02:18.0166 3872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:02:18.0166 3872 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:02:18.0174 3872 Boot (0x1200)   (4628619f355d5c3aed6bd64b203f9bc8) \Device\Harddisk0\DR0\Partition0
14:02:18.0174 3872 \Device\Harddisk0\DR0\Partition0 - ok
14:02:18.0205 3872 Boot (0x1200)   (4f69dd842f61f4bba2a1800d6d07b4c1) \Device\Harddisk0\DR0\Partition1
14:02:18.0207 3872 \Device\Harddisk0\DR0\Partition1 - ok
14:02:18.0225 3872 Boot (0x1200)   (9df5738c04e7acfc12eaf4e370c9c48f) \Device\Harddisk0\DR0\Partition2
14:02:18.0226 3872 \Device\Harddisk0\DR0\Partition2 - ok
14:02:18.0249 3872 Boot (0x1200)   (ba4a60e17645bd076e423d0f8508b916) \Device\Harddisk0\DR0\Partition3
14:02:18.0250 3872 \Device\Harddisk0\DR0\Partition3 - ok
14:02:18.0251 3872 ============================================================
14:02:18.0251 3872 Scan finished
14:02:18.0251 3872 ============================================================
14:02:18.0267 4036 Detected object count: 3
14:02:18.0267 4036 Actual detected object count: 3
14:02:41.0369 4036 HKLM\SYSTEM\ControlSet001\services\epmntdrv - will be deleted on reboot
14:02:41.0395 4036 HKLM\SYSTEM\ControlSet002\services\epmntdrv - will be deleted on reboot
14:02:41.0411 4036 C:\Windows\system32\epmntdrv.sys - will be deleted on reboot
14:02:41.0411 4036 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete 
14:02:41.0416 4036 HKLM\SYSTEM\ControlSet001\services\EuGdiDrv - will be deleted on reboot
14:02:41.0422 4036 HKLM\SYSTEM\ControlSet002\services\EuGdiDrv - will be deleted on reboot
14:02:41.0425 4036 C:\Windows\system32\EuGdiDrv.sys - will be deleted on reboot
14:02:41.0425 4036 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Delete 
14:02:41.0430 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:02:41.0430 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
14:02:46.0961 3700 Deinitialize success


#5 Madforit

Posted 23 October 2014 - 06:47 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 01
Ran by Steve (administrator) on STEVE-PC on 15-10-2014 18:35:53
Running from C:\Users\Steve\Desktop
Loaded Profile: Steve (Available profiles: Steve)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\WinService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer: [3212083974]
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: J - J:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: K - K:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: N - N:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {3040d83c-241e-11e1-8999-001fc65bac4e} - I:\SETUP.EXE
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {48014940-e00f-11e1-929c-db24f4345e8c} - J:\AutoRun.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {48014bf6-e00f-11e1-929c-db24f4345e8c} - H:\setup.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {81bbfb19-95a4-11e3-bb16-8a2aece648f5} - K:\Startme.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {8b167451-5293-11e1-86cf-806e6f6e6963} - J:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
ShellIconOverlayIdentifiers: [1CryptoProviderIcons] -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * Ꮪ窘W阀rundll32.exeuhgpXjDᏝ窘W退SYSTEM\bdnativemerᏐ窘W退湩彴潒汬慢正瑉浥即捵散獳畦l var="Ꮣ窘W退桔敲摡湉潦祔数呟牨慥䥤㉤ijEL7qzᏖ窘W退湩彴潒汬慢正瑉浥䙳楡敬du8hU." vᏉ窘W錀畍瑬卩牴湩彧潂瑯硅捥瑵䭥祥1ZrV9cᏌ窘W蠀autocheck autochk * Ꮟ窘W踀Ꮪ窘W阀rundll32.exeLKvᏂ窘W耀 ǃ
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:13813;https=127.0.0.1:13813
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0D068A5E5CFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Easy DJ Software Support -> {2AE7471D-5150-48CF-8498-4CB9E8FAEA90} -> C:\Program Files (x86)\Product Support\1.0.0.0\Product Support.dll (Download Manager)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4.1-next -> C:\Users\Steve\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: GFACE Experience Plugin - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\cryenginebrowserplugin@crytek.com [2013-12-14]
FF Extension: ShoppingChip - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\gxf_dtwq@kvxhptrtc.co.uk [2013-12-14]
FF Extension: SNT - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\yuaeat0g-z@oy-eoyjaao.co.uk [2014-03-16]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\fbp@fbpurity.com.xpi [2012-03-08]
FF Extension: leethax.net extension - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\leethax@leethax.net.xpi [2013-07-03]
FF Extension: Easy DJ Software Support - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{0C20151A-BA46-4482-9207-6E3300577539}.xpi [2014-01-25]
FF Extension: Nuke Anything Enhanced - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2012-03-08]
FF Extension: Adblock Edge - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-16]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{e0840974-73d4-c17d-37a7-b69bcfd8d2f5} [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-01]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-01]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-03]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-03]
CHR Extension: (Hide My AdBlocker) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-02]
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2014-01-28]
CHR HKCU\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S4 Golf Server; c:\golf\server\golf_srv.exe [232448 2013-03-17] () [File not signed]
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [1821184 2009-08-31] (UASSOFT.COM) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206008 2013-08-26] (INCA Internet Co., Ltd.) [File not signed]
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-11] (DT Soft Ltd)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2005-12-14] (GretagMacbeth LLC)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-05-10] (microOLAP Technologies LTD)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 vvftav302; C:\Windows\System32\drivers\vvftav302.sys [301824 2007-03-18] (Vimicro Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM302.sys [1495936 2007-04-04] (Vimicro Corporation)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATICDSDr; \??\C:\Users\Steve\AppData\Local\Temp\ATICDSDr.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 18:35 - 2014-10-15 18:36 - 00028937 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-10-15 18:35 - 2014-10-15 18:35 - 00000000 ____D () C:\FRST
2014-10-15 18:34 - 2014-10-15 18:34 - 02110976 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-10-15 18:25 - 2014-10-15 18:25 - 01976320 _____ () C:\Users\Steve\Desktop\adwcleaner_4.000.exe
2014-10-15 00:58 - 2014-10-15 00:58 - 00010808 _____ () C:\Users\Steve\Downloads\GTG IPs.txt
2014-10-13 19:01 - 2014-10-13 19:01 - 00000647 _____ () C:\Racing Rivals email.txt
2014-10-11 14:31 - 2014-10-11 14:31 - 00014436 _____ () C:\Users\Steve\Desktop\dds.txt
2014-10-11 14:31 - 2014-10-11 14:31 - 00008444 _____ () C:\Users\Steve\Desktop\attach.txt
2014-10-11 14:29 - 2014-10-11 14:29 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2014-10-10 11:40 - 2014-10-15 18:32 - 00002178 _____ () C:\Windows\PFRO.log
2014-10-10 11:40 - 2014-10-15 18:32 - 00000224 _____ () C:\Windows\setupact.log
2014-10-10 11:40 - 2014-10-10 11:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 21:21 - 2012-07-05 22:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-10-08 21:21 - 2012-07-05 22:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD93.tmp
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD92.tmp
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD91.tmp
2014-10-08 15:14 - 2014-10-08 15:14 - 00015688 _____ () C:\Users\Steve\Documents\install.txt
2014-10-08 01:41 - 2014-10-08 01:41 - 02347384 _____ (ESET) C:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
2014-10-06 15:06 - 2014-10-06 15:06 - 02347384 _____ (ESET) C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe
2014-10-06 15:03 - 2014-10-06 15:03 - 00007015 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-10-06 14:54 - 2014-10-06 14:54 - 01705141 _____ (Thisisu) C:\Users\Steve\Downloads\JRT.exe
2014-10-06 14:54 - 2014-10-06 14:54 - 01705141 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2014-10-06 14:54 - 2014-10-06 14:54 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 14:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 14:46 - 2014-10-15 18:29 - 00000000 ____D () C:\AdwCleaner
2014-10-06 14:45 - 2014-10-06 14:45 - 01375089 _____ () C:\Users\Steve\Downloads\AdwCleaner.exe
2014-09-25 18:04 - 2014-09-30 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 14:34 - 2014-09-25 14:34 - 00019674 _____ () C:\Users\Steve\Downloads\Akon-Freedom-2008-[NoFS].4535952.TPB.torrent
2014-09-23 13:06 - 2014-09-23 13:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-09-21 14:12 - 2014-09-21 14:12 - 00000180 _____ () C:\Users\Steve\Downloads\index.m3u8
2014-09-17 19:57 - 2014-09-17 20:09 - 226114442 _____ () C:\Users\Steve\Downloads\PP Promo Records & Bands Worldwide - Making A Scene 2014 Second Edition.zip
2014-09-17 19:57 - 2014-09-17 20:03 - 141695554 _____ () C:\Users\Steve\Downloads\Djs United - Djs United Vol 1.zip
2014-09-17 19:56 - 2014-09-17 20:08 - 259682017 _____ () C:\Users\Steve\Downloads\PP Promo Records - Making A Scene 2014 First Edition.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 18:35 - 2014-07-08 08:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 18:34 - 2012-01-27 22:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-15 18:34 - 2012-01-04 13:57 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA.job
2014-10-15 18:32 - 2011-12-13 14:34 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-15 18:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 18:21 - 2014-03-26 15:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80.job
2014-10-15 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 13:19 - 2012-01-04 13:57 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core.job
2014-10-15 12:10 - 2014-03-26 15:46 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150.job
2014-10-13 10:40 - 2009-07-14 05:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 10:40 - 2009-07-14 05:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 16:05 - 2011-12-08 18:05 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-10-09 21:03 - 2012-11-06 17:09 - 00000000 ____D () C:\ProgramData\firebird
2014-10-09 19:25 - 2014-08-04 12:33 - 00000000 ____D () C:\Users\Steve\Desktop\Rob
2014-10-08 22:34 - 2012-03-09 05:24 - 00000000 ____D () C:\Users\Steve\AppData\Local\Facebook
2014-10-08 21:17 - 2012-02-27 21:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 21:16 - 2012-10-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-08 21:13 - 2012-01-04 13:57 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2014-10-08 21:13 - 2011-12-07 20:47 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-10-08 13:06 - 2011-12-08 17:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\uTorrent
2014-10-06 14:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-06 11:48 - 2012-02-27 21:43 - 00000000 ____D () C:\Users\Steve\Documents\My Received Files
2014-10-05 13:06 - 2013-09-08 11:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\.ACEStream
2014-09-30 12:53 - 2011-12-08 00:29 - 00007613 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2014-09-29 12:24 - 2014-07-18 10:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-24 22:27 - 2014-05-19 15:09 - 00002372 _____ () C:\Users\Steve\Desktop\Google Chrome.lnk
2014-09-21 23:30 - 2013-09-09 00:35 - 00000000 ___HD () C:\_acestream_cache_
2014-09-20 14:23 - 2014-06-05 17:34 - 00000000 ____D () C:\Program Files (x86)\Flvto Youtube Downloader
2014-09-17 12:49 - 2013-12-17 00:15 - 00002124 _____ () C:\Users\Public\Desktop\Flvto Youtube Downloader.lnk
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 10:57
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 01
Ran by Steve at 2014-10-15 18:37:12
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace Stream Media 2.2.4.1-next (HKCU\...\AceStream) (Version: 2.2.4.1-next - Ace Stream Media)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Any Audio Converter 4.0.2 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
AnyTrans 3.7.3 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 3.7.3 - iMobie Inc.)
ATI AVIVO64 Codecs (Version: 10.10.0.41001 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DeepBurner v1.9.0.228 (HKLM-x32\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ffdshow [rev 2202] [2008-10-10] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
FLAC to MP3 Converter 6.1.9 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.6 - Hotger)
FMRTE (HKLM-x32\...\{0D67FBBE-3F68-4B0B-9647-8F3DE93593AE}) (Version: 5.0.2 - BraCa Soft)
FMRTE 5.2.4 (HKLM\...\{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1) (Version: 5.2.4 - Raul Bravo)
Free Burn MP3-CD v1.2 (HKLM-x32\...\Free Burn MP3-CD_is1) (Version: 1.2 - www.nbxsoft.com)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
M4A to MP3 Converter (HKLM-x32\...\{729E66B3-1B80-4F3F-8D19-342A89631E0A}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
Mobile Master Copy Station (x32 Version: 8.9.3 - Jumping Bytes) Hidden
Mobile Master Copy Station 8.9.3 (HKLM-x32\...\Mobile Master Copy Station) (Version: 8.9.3 - Jumping Bytes)
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
NETGEAR WNDA3200 wireless adapter Setup (HKLM-x32\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Opti Drive Control 1.70 (HKLM-x32\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version:  - Erik Deppe)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Popcorn4TV version 1.0 (HKLM-x32\...\{FA0CD53E-825A-48F4-9AAC-D3E6B718EAC8}_is1) (Version: 1.0 - Popcorn4TV)
Product Support (HKLM-x32\...\test) (Version: {VERSION} - Product Support)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.0.9 (HKLM-x32\...\qbittorrent) (Version: 3.0.9 - Christophe Dumez)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
ShotOnline (HKLM-x32\...\ShotOnline) (Version: 1.0 - GamesCampus)
Slice Audio File Splitter (HKLM-x32\...\Slice) (Version:  - NCH Software)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.11.201408051401 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TubeMaster++ 2.7 (HKLM-x32\...\TubeMaster++) (Version: 2.7 - GgSofts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wargame Red Dragon (HKLM-x32\...\Wargame Red Dragon_is1) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
WTF (HKLM-x32\...\WTF_is1) (Version: WTF - onnet)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
08-10-2014 20:09:56 Removed Facebook Video Calling 3.1.0.521
08-10-2014 20:11:03 Removed Java 7 Update 45 (64-bit)
08-10-2014 20:12:31 Removed Google Talk Plugin
08-10-2014 20:13:14 Removed Google Earth.
08-10-2014 20:14:55 Removed Java 7 Update 51
08-10-2014 20:16:06 Removed Java™ 6 Update 31
08-10-2014 20:19:37 Removed Java™ 7 Update 4
08-10-2014 20:20:44 Removed JavaFX 2.1.1
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-12-04 04:39 - 2014-05-26 23:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 goldenteenet.itsgames.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {34C7244D-9E85-4DBC-89F3-4161BA15739E} - System32\Tasks\{99FFB9E3-0852-4CF7-AACA-A49C0DD556DB} => E:\Program Files\Enemy Front\Bin32\EnemyFront.exe
Task: {4A3C3984-573E-48C9-ADEE-12E951CF2F84} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {8E2C7671-7D08-43C2-A6C6-A615371EFCDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {8E3AE834-2CF5-41E7-B392-6BADA4F38B31} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {931124A7-DB55-47D8-BC8D-FA16342984EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: {99D187F2-30A4-4428-B3D7-CEEE4AEF1176} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: {9E317D0B-91CE-4945-8619-79E1286A4AC1} - System32\Tasks\Origin => C:\Users\Steve\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {BF1FC308-663F-4AA4-BED6-01DE84EBA732} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: {DF266568-8F23-4EC6-9DE9-2438DC45452E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E6C209BA-7EE3-4467-B32C-F5FD18610F74} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E7C3099B-FA01-40E9-BCC0-690648284B76} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {EA1A4EB1-EA81-4BF1-B045-FD2CF1FD8535} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EFCE7897-2D04-436F-890C-F83E361EAB68} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {F95A8D81-AA0A-4EF9-80F9-B4E607E9292C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-21 21:34 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-08-12 18:45 - 2010-08-12 18:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-05-25 15:45 - 2013-11-30 12:28 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-07 18:07 - 2010-05-10 13:14 - 00186848 _____ () C:\Windows\SysWOW64\WinService.exe
2012-01-04 13:05 - 2010-06-23 12:41 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
2009-07-05 07:35 - 2009-07-05 07:35 - 00028160 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2009-07-05 07:35 - 2009-07-05 07:35 - 00041472 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00096256 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00645120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2010-03-16 14:05 - 2010-03-16 14:05 - 00020480 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00311808 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00010752 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00051200 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00039936 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00036352 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2010-05-05 14:43 - 2010-05-05 14:43 - 00008192 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00017920 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2009-07-06 05:16 - 2009-07-06 05:16 - 00111104 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2014-09-24 22:27 - 2014-09-23 05:06 - 01098056 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 22:27 - 2014-09-23 05:06 - 00174408 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 22:27 - 2014-09-23 05:07 - 08577864 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 22:27 - 2014-09-23 05:07 - 00331592 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 22:27 - 2014-09-23 05:06 - 01660232 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:088B37DC
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Steve\Downloads\Fayed_PWCT_1.9_Art.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80792581.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80792581.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1a34a8e0 => 2
MSCONFIG\Services: CrossLoopService => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FirebirdGuardianDefaultInstance => 2
MSCONFIG\Services: FirebirdServerDefaultInstance => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: tbbLoaderService => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: vToolbarUpdater13.2.0 => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WMZuneComm => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: ZuneNetworkSvc => 3
MSCONFIG\Services: ZuneWlanCfgSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3200 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WNDA3200 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2YourFace_Updater.lnk => C:\Windows\pss\2YourFace_Updater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Steve\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Bandwidth Monitor => C:\Program Files (x86)\Online Bandwidth Monitor\BandwidthMonitor.exe
MSCONFIG\startupreg: BigDogPath => C:\Windows\VM302Snap.exe Vimicro USB PC Camera (ZC0302)
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CrossLoop => "C:\Users\Steve\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3E7806DA78C4352052F851DEE3FA5D4E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: HOSTS Anti-Adware_PUPs => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSCONFIG\startupreg: Huofma => "C:\Users\Steve\AppData\Roaming\Ikteyzqe\emkiku.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Device Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: KMCONFIG => C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe
MSCONFIG\startupreg: LogMeIn GUI => "D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MediaGet2 => C:\Users\Steve\AppData\Local\MediaGet2\mediaget.exe --minimized
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MySQL Notifier => E:\Program Files\MySQL Notifier 1.1.5\MySqlNotifier.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: RamBooster => C:\Program Files (x86)\RamBooster 2.0\Rambooster.exe
MSCONFIG\startupreg: RAMDef => C:\Program Files (x86)\RAM Def\ramdef.exe -tray
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "D:\Program Files (x86)\ATI Drivers\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\Program Files\Dead Island\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Wallpaper Changer => C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
MSCONFIG\startupreg: WmiPrv => C:\Users\Steve\AppData\Roaming\.ACEStream\WmiPrv\WmiPrvSE.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1172466162-1326600968-4123945386-500 - Administrator - Disabled)
Guest (S-1-5-21-1172466162-1326600968-4123945386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1172466162-1326600968-4123945386-1002 - Limited - Enabled)
Steve (S-1-5-21-1172466162-1326600968-4123945386-1000 - Administrator - Enabled) => C:\Users\Steve
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/15/2014 01:19:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/13/2014 07:41:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/12/2014 05:25:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/11/2014 01:09:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/10/2014 03:35:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/08/2014 06:38:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/08/2014 04:43:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/08/2014 01:41:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (10/15/2014 06:32:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/15/2014 06:32:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error: 
%%1275
 
Error: (10/15/2014 06:32:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/15/2014 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error: 
%%3
 
Error: (10/15/2014 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
%%3
 
Error: (10/14/2014 02:29:19 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (10/13/2014 10:32:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (10/13/2014 10:32:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu.exe
 
Error: (10/15/2014 01:19:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/13/2014 07:41:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/12/2014 05:25:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/11/2014 01:09:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/10/2014 03:35:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/08/2014 06:38:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (10/08/2014 04:43:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/08/2014 01:41:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-27 14:24:10.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:07.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:04.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:01.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:32.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:28.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:25.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:21.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:18.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:15.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ 9500 Quad-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 3070.49 MB
Available physical RAM: 1573.72 MB
Total Pagefile: 6139.17 MB
Available Pagefile: 4409.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:70.82 GB) (Free:7.59 GB) NTFS
Drive d: (HP) (Fixed) (Total:244.14 GB) (Free:97.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:140.52 GB) (Free:52.84 GB) NTFS
Drive f: (FACTORY_IMAGE) (Fixed) (Total:10.27 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.3 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#6 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:01:18 PM

Posted 23 October 2014 - 06:49 PM

I hope I have posted these logs correctly for you, and also, if you would like to use first name terms, then my name is Steve.

 

Thanks in advance for all the help that you are giving me, and I sure hope that you can help find the root of this extremely annoying problem.



#7 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:18 PM

Posted 24 October 2014 - 01:23 AM

Hello Steve, 
 
Why did you delete these items? From my instructions, "If objects are found, change the action to skip."
 

14:02:41.0369 4036 HKLM\SYSTEM\ControlSet001\services\epmntdrv - will be deleted on reboot
14:02:41.0395 4036 HKLM\SYSTEM\ControlSet002\services\epmntdrv - will be deleted on reboot
14:02:41.0411 4036 C:\Windows\system32\epmntdrv.sys - will be deleted on reboot
14:02:41.0411 4036 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete 

14:02:41.0416 4036 HKLM\SYSTEM\ControlSet001\services\EuGdiDrv - will be deleted on reboot
14:02:41.0422 4036 HKLM\SYSTEM\ControlSet002\services\EuGdiDrv - will be deleted on reboot
14:02:41.0425 4036 C:\Windows\system32\EuGdiDrv.sys - will be deleted on reboot
14:02:41.0425 4036 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Delete

 

You've deleted legitimate files. We may or may not be able to recover these files. 

 

TDSSQLook

  • Please download TDSSQLook and save the folder to your Desktop.
  • Right-click the folder and click Extract all.
  • Right-click TDSSQLook.exe and select Run as administrator to run the programme.
  • Type and press the Enter key. 
  • A log (TDSSQ.txt) will open. Copy the contents of the log and paste in your next reply.


#8 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:01:18 PM

Posted 24 October 2014 - 07:37 AM

Sorry, I simply posted the logs from when I had done them before. As I said earlier, I had already been through a lot with another member and he told me to come to you.

If you really need me to go through it all again then I will do this. My mistake in thinking it would be OK to post the old logs to try and save a little time.

 

I will follow the above instructions and post anything you have asked for asap.



#9 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:01:18 PM

Posted 24 October 2014 - 07:38 AM

Sorry, I simply posted the logs from when I had done them before. As I said earlier, I had already been through a lot with another member and he told me to come to you.

If you really need me to go through it all again then I will do this. My mistake in thinking it would be OK to post the old logs to try and save a little time.

 

I will follow the above instructions and post anything you have asked for asap.

 

Anything that I deleted are things that I was told to do in the other forum section. You can see these in the link I gave above.



#10 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:01:18 PM

Posted 24 October 2014 - 07:42 AM

TDSSKiller Quarantine Information log 
TDSS Qlook Version 1.0.0.5 - Steve - 24/10/2014 - 13:42:08.14.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1  
***** START SCAN 24/10/2014 13:42:28.19 ***** 
 
---------- TDSSKiller logs ---------- 
 
TDSSKiller.3.0.0.32_22.04.2014_14.35.09_log.txt 
TDSSKiller.3.0.0.32_22.04.2014_23.05.04_log.txt 
 
---------- TDSSStarter logs ---------- 
 
 
---------- DIR LIST ---------- 
 
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\object.ini
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\svc0000
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\svc0000\tsk0000.dta
 
---------- INI FILES ---------- 
 
=== C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\object.ini 
 
[InfectedObject]
Verdict: LockedFile.Multi.Generic
 
 
=== C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\svc0000\object.ini 
 
[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: \SystemRoot\System32\Drivers\sptd.sys
Suspicious states: Locked file; 
 
 
=== C:\TDSSKiller_Quarantine\22.04.2014_14.35.17\susp0000\svc0000\tsk0000.ini 
 
[InfectedFile]
Type: Raw image
Src: C:\Windows\System32\Drivers\sptd.sys
md5: D519AD2DE7968CD2B47FEA807C5B29B2
sha256: 8B658F7E21EB67D010DAF484479201A09146A16560DBAE8F1B620F5320A74D6A
 
 
***** END SCAN 24/10/2014 13:42:36.28 ***** 


#11 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:18 PM

Posted 24 October 2014 - 11:46 AM

Hello, 

 

I didn't realise your TDSSKiller log was so old. 

Please delete both TDSSKiller.exe and FRST64.exe. 

 

Run a new scan with both, following the instructions in my first post. 

 

Please include FRST.txt and Addition.txt in your post. Attach the TDSSKiller log.



#12 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:01:18 PM

Posted 24 October 2014 - 03:29 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Steve (administrator) on STEVE-PC on 24-10-2014 21:27:15
Running from C:\Users\Steve\Desktop
Loaded Profile: Steve (Available profiles: Steve)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\WinService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: J - J:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: K - K:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: N - N:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {3040d83c-241e-11e1-8999-001fc65bac4e} - I:\SETUP.EXE
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {48014940-e00f-11e1-929c-db24f4345e8c} - J:\AutoRun.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {48014bf6-e00f-11e1-929c-db24f4345e8c} - H:\setup.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {81bbfb19-95a4-11e3-bb16-8a2aece648f5} - K:\Startme.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {8b167451-5293-11e1-86cf-806e6f6e6963} - J:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * Ꮪ窘W阀rundll32.exeuhgpXjDᏝ窘W退SYSTEM\bdnativemerᏐ窘W退湩彴潒汬慢正瑉浥即捵散獳畦l var="Ꮣ窘W退桔敲摡湉潦祔数呟牨慥䥤㉤ijEL7qzᏖ窘W退湩彴潒汬慢正瑉浥䙳楡敬du8hU." vᏉ窘W錀畍瑬卩牴湩彧潂瑯硅捥瑵䭥祥1ZrV9cᏌ窘W蠀autocheck autochk * Ꮟ窘W踀Ꮪ窘W阀rundll32.exeLKvᏂ窘W耀 ǃ
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0D068A5E5CFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4.1-next -> C:\Users\Steve\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: GFACE Experience Plugin - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\cryenginebrowserplugin@crytek.com [2013-12-14]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\fbp@fbpurity.com.xpi [2012-03-08]
FF Extension: leethax.net extension - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\leethax@leethax.net.xpi [2013-07-03]
FF Extension: Easy DJ Software Support - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{0C20151A-BA46-4482-9207-6E3300577539}.xpi [2014-01-25]
FF Extension: Nuke Anything Enhanced - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2012-03-08]
FF Extension: Adblock Edge - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-01]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-01]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-03]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-03]
CHR Extension: (Hide My AdBlocker) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-02]
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S4 Golf Server; c:\golf\server\golf_srv.exe [232448 2013-03-17] () [File not signed]
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [1821184 2009-08-31] (UASSOFT.COM) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206008 2013-08-26] (INCA Internet Co., Ltd.) [File not signed]
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-11] (DT Soft Ltd)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2005-12-14] (GretagMacbeth LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-04] ()
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-05-10] (microOLAP Technologies LTD)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 vvftav302; C:\Windows\System32\drivers\vvftav302.sys [301824 2007-03-18] (Vimicro Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM302.sys [1495936 2007-04-04] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 21:27 - 2014-10-24 21:28 - 00017218 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-10-24 14:39 - 2014-10-24 14:39 - 00000765 _____ () C:\Users\Steve\Desktop\The Evil Within.lnk
2014-10-24 14:39 - 2014-10-24 14:39 - 00000383 _____ () C:\Windows\DirectX.log
2014-10-24 14:39 - 2014-10-24 14:39 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\The Evil Within
2014-10-24 14:39 - 2014-10-24 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-10-24 13:42 - 2014-10-24 13:42 - 00001711 _____ () C:\TDSSQ.txt
2014-10-24 13:38 - 2014-10-24 13:39 - 00074106 _____ () C:\Users\Steve\Downloads\TDSSQlook.zip
2014-10-21 21:13 - 2014-10-21 21:13 - 00001656 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-10-21 21:12 - 2014-10-21 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2014-10-21 21:10 - 2014-10-21 21:10 - 07766016 _____ () C:\Users\Steve\Downloads\PathOfExileInstaller.msi
2014-10-21 18:49 - 2014-10-21 18:49 - 00853520 _____ () C:\Users\Steve\Downloads\CasinoClassicEU.exe
2014-10-21 18:49 - 2014-10-21 18:49 - 00000000 ____D () C:\Microgaming
2014-10-19 18:20 - 2014-10-19 18:20 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds (1).com
2014-10-18 15:45 - 2014-10-18 15:45 - 00854448 _____ () C:\Users\Steve\Downloads\SecurityCheck.exe
2014-10-15 18:35 - 2014-10-24 21:27 - 00000000 ____D () C:\FRST
2014-10-15 18:34 - 2014-10-18 13:25 - 02112000 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-10-15 18:25 - 2014-10-15 18:25 - 01976320 _____ () C:\Users\Steve\Desktop\adwcleaner_4.000.exe
2014-10-15 00:58 - 2014-10-15 00:58 - 00010808 _____ () C:\Users\Steve\Downloads\GTG IPs.txt
2014-10-13 19:01 - 2014-10-13 19:01 - 00000647 _____ () C:\Racing Rivals email.txt
2014-10-11 14:29 - 2014-10-11 14:29 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2014-10-10 11:40 - 2014-10-20 17:08 - 00001200 _____ () C:\Windows\setupact.log
2014-10-10 11:40 - 2014-10-15 18:32 - 00002178 _____ () C:\Windows\PFRO.log
2014-10-10 11:40 - 2014-10-10 11:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 21:21 - 2012-07-05 22:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-10-08 21:21 - 2012-07-05 22:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD93.tmp
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD92.tmp
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD91.tmp
2014-10-08 15:14 - 2014-10-08 15:14 - 00015688 _____ () C:\Users\Steve\Documents\install.txt
2014-10-08 01:41 - 2014-10-08 01:41 - 02347384 _____ (ESET) C:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
2014-10-06 15:06 - 2014-10-06 15:06 - 02347384 _____ (ESET) C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe
2014-10-06 15:03 - 2014-10-06 15:03 - 00007015 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-10-06 14:54 - 2014-10-06 14:54 - 01705141 _____ (Thisisu) C:\Users\Steve\Downloads\JRT.exe
2014-10-06 14:54 - 2014-10-06 14:54 - 01705141 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2014-10-06 14:54 - 2014-10-06 14:54 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 14:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 14:46 - 2014-10-15 18:29 - 00000000 ____D () C:\AdwCleaner
2014-10-06 14:45 - 2014-10-06 14:45 - 01375089 _____ () C:\Users\Steve\Downloads\AdwCleaner.exe
2014-09-25 18:04 - 2014-09-30 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 14:34 - 2014-09-25 14:34 - 00019674 _____ () C:\Users\Steve\Downloads\Akon-Freedom-2008-[NoFS].4535952.TPB.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 21:21 - 2012-01-27 22:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-24 21:20 - 2014-07-08 08:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 21:08 - 2014-03-26 15:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80.job
2014-10-24 20:34 - 2012-01-04 13:57 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA.job
2014-10-24 17:08 - 2011-12-13 16:56 - 00000000 ____D () C:\Program Files\PeerBlock
2014-10-24 17:07 - 2011-12-08 00:29 - 00007610 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2014-10-24 14:08 - 2014-03-26 15:46 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150.job
2014-10-24 13:20 - 2011-12-08 17:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\uTorrent
2014-10-24 12:34 - 2012-01-04 13:57 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core.job
2014-10-24 11:44 - 2011-12-13 14:34 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-23 19:49 - 2011-12-08 18:05 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-10-23 11:13 - 2014-08-04 12:33 - 00000000 ____D () C:\Users\Steve\Desktop\Rob
2014-10-22 14:03 - 2014-03-26 15:46 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80
2014-10-22 14:03 - 2014-03-26 15:46 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150
2014-10-21 21:14 - 2012-09-02 20:37 - 00000000 ____D () C:\Users\Steve\Documents\My Games
2014-10-21 15:30 - 2009-07-14 06:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 15:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 13:07 - 2009-07-14 05:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 13:07 - 2009-07-14 05:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 12:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 20:01 - 2013-09-08 11:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\.ACEStream
2014-10-17 11:31 - 2014-05-19 15:09 - 00002372 _____ () C:\Users\Steve\Desktop\Google Chrome.lnk
2014-10-16 19:21 - 2012-11-06 17:09 - 00000000 ____D () C:\ProgramData\firebird
2014-10-08 22:34 - 2012-03-09 05:24 - 00000000 ____D () C:\Users\Steve\AppData\Local\Facebook
2014-10-08 21:17 - 2012-02-27 21:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 21:16 - 2012-10-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-08 21:13 - 2012-01-04 13:57 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2014-10-08 21:13 - 2011-12-07 20:47 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-10-06 14:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-06 11:48 - 2012-02-27 21:43 - 00000000 ____D () C:\Users\Steve\Documents\My Received Files
2014-09-29 12:24 - 2014-07-18 10:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Steve at 2014-10-24 21:28:57
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace Stream Media 2.2.4.1-next (HKCU\...\AceStream) (Version: 2.2.4.1-next - Ace Stream Media)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Any Audio Converter 4.0.2 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
AnyTrans 3.7.3 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 3.7.3 - iMobie Inc.)
ATI AVIVO64 Codecs (Version: 10.10.0.41001 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DeepBurner v1.9.0.228 (HKLM-x32\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ffdshow [rev 2202] [2008-10-10] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
FLAC to MP3 Converter 6.1.9 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.6 - Hotger)
FMRTE (HKLM-x32\...\{0D67FBBE-3F68-4B0B-9647-8F3DE93593AE}) (Version: 5.0.2 - BraCa Soft)
FMRTE 5.2.4 (HKLM\...\{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1) (Version: 5.2.4 - Raul Bravo)
Free Burn MP3-CD v1.2 (HKLM-x32\...\Free Burn MP3-CD_is1) (Version: 1.2 - www.nbxsoft.com)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
M4A to MP3 Converter (HKLM-x32\...\{729E66B3-1B80-4F3F-8D19-342A89631E0A}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
Mobile Master Copy Station (x32 Version: 8.9.3 - Jumping Bytes) Hidden
Mobile Master Copy Station 8.9.3 (HKLM-x32\...\Mobile Master Copy Station) (Version: 8.9.3 - Jumping Bytes)
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
NETGEAR WNDA3200 wireless adapter Setup (HKLM-x32\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Opti Drive Control 1.70 (HKLM-x32\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version:  - Erik Deppe)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.3.36532 - Grinding Gear Games)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Popcorn4TV version 1.0 (HKLM-x32\...\{FA0CD53E-825A-48F4-9AAC-D3E6B718EAC8}_is1) (Version: 1.0 - Popcorn4TV)
Product Support (HKLM-x32\...\test) (Version: {VERSION} - Product Support)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.0.9 (HKLM-x32\...\qbittorrent) (Version: 3.0.9 - Christophe Dumez)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
ShotOnline (HKLM-x32\...\ShotOnline) (Version: 1.0 - GamesCampus)
Slice Audio File Splitter (HKLM-x32\...\Slice) (Version:  - NCH Software)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.11.201408051401 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
The Evil Within (HKLM-x32\...\The Evil Within_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TubeMaster++ 2.7 (HKLM-x32\...\TubeMaster++) (Version: 2.7 - GgSofts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wargame Red Dragon (HKLM-x32\...\Wargame Red Dragon_is1) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
WTF (HKLM-x32\...\WTF_is1) (Version: WTF - onnet)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
08-10-2014 20:09:56 Removed Facebook Video Calling 3.1.0.521
08-10-2014 20:11:03 Removed Java 7 Update 45 (64-bit)
08-10-2014 20:12:31 Removed Google Talk Plugin
08-10-2014 20:13:14 Removed Google Earth.
08-10-2014 20:14:55 Removed Java 7 Update 51
08-10-2014 20:16:06 Removed Java™ 6 Update 31
08-10-2014 20:19:37 Removed Java™ 7 Update 4
08-10-2014 20:20:44 Removed JavaFX 2.1.1
19-10-2014 21:47:37 Scheduled Checkpoint
21-10-2014 20:11:47 Installed Path of Exile
24-10-2014 13:37:35 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-12-04 04:39 - 2014-05-26 23:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 goldenteenet.itsgames.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {34C7244D-9E85-4DBC-89F3-4161BA15739E} - System32\Tasks\{99FFB9E3-0852-4CF7-AACA-A49C0DD556DB} => E:\Program Files\Enemy Front\Bin32\EnemyFront.exe
Task: {4A3C3984-573E-48C9-ADEE-12E951CF2F84} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {8E2C7671-7D08-43C2-A6C6-A615371EFCDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {8E3AE834-2CF5-41E7-B392-6BADA4F38B31} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {931124A7-DB55-47D8-BC8D-FA16342984EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {99D187F2-30A4-4428-B3D7-CEEE4AEF1176} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {9E317D0B-91CE-4945-8619-79E1286A4AC1} - System32\Tasks\Origin => C:\Users\Steve\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {BF1FC308-663F-4AA4-BED6-01DE84EBA732} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {DF266568-8F23-4EC6-9DE9-2438DC45452E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E6C209BA-7EE3-4467-B32C-F5FD18610F74} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E7C3099B-FA01-40E9-BCC0-690648284B76} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {EA1A4EB1-EA81-4BF1-B045-FD2CF1FD8535} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EFCE7897-2D04-436F-890C-F83E361EAB68} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {F95A8D81-AA0A-4EF9-80F9-B4E607E9292C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-21 21:34 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-08-12 18:45 - 2010-08-12 18:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-05-25 15:45 - 2013-11-30 12:28 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-07 18:07 - 2010-05-10 13:14 - 00186848 _____ () C:\Windows\SysWOW64\WinService.exe
2012-01-04 13:05 - 2010-06-23 12:41 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
2009-07-05 07:35 - 2009-07-05 07:35 - 00028160 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2009-07-05 07:35 - 2009-07-05 07:35 - 00041472 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00096256 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00645120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2010-03-16 14:05 - 2010-03-16 14:05 - 00020480 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00311808 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00010752 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00051200 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00039936 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00036352 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2010-05-05 14:43 - 2010-05-05 14:43 - 00008192 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00017920 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2009-07-06 05:16 - 2009-07-06 05:16 - 00111104 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2014-10-17 11:31 - 2014-10-10 03:03 - 01042760 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 11:31 - 2014-10-10 03:03 - 00211272 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 11:31 - 2014-10-10 03:04 - 08910664 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 11:31 - 2014-10-10 03:03 - 01681224 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80792581.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80792581.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1a34a8e0 => 2
MSCONFIG\Services: CrossLoopService => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FirebirdGuardianDefaultInstance => 2
MSCONFIG\Services: FirebirdServerDefaultInstance => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: tbbLoaderService => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: vToolbarUpdater13.2.0 => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WMZuneComm => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: ZuneNetworkSvc => 3
MSCONFIG\Services: ZuneWlanCfgSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3200 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WNDA3200 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2YourFace_Updater.lnk => C:\Windows\pss\2YourFace_Updater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Steve\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Bandwidth Monitor => C:\Program Files (x86)\Online Bandwidth Monitor\BandwidthMonitor.exe
MSCONFIG\startupreg: BigDogPath => C:\Windows\VM302Snap.exe Vimicro USB PC Camera (ZC0302)
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CrossLoop => "C:\Users\Steve\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3E7806DA78C4352052F851DEE3FA5D4E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: HOSTS Anti-Adware_PUPs => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSCONFIG\startupreg: Huofma => "C:\Users\Steve\AppData\Roaming\Ikteyzqe\emkiku.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Device Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: KMCONFIG => C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe
MSCONFIG\startupreg: LogMeIn GUI => "D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MediaGet2 => C:\Users\Steve\AppData\Local\MediaGet2\mediaget.exe --minimized
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MySQL Notifier => E:\Program Files\MySQL Notifier 1.1.5\MySqlNotifier.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: RamBooster => C:\Program Files (x86)\RamBooster 2.0\Rambooster.exe
MSCONFIG\startupreg: RAMDef => C:\Program Files (x86)\RAM Def\ramdef.exe -tray
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "D:\Program Files (x86)\ATI Drivers\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\Program Files\Dead Island\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Wallpaper Changer => C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
MSCONFIG\startupreg: WmiPrv => C:\Users\Steve\AppData\Roaming\.ACEStream\WmiPrv\WmiPrvSE.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1172466162-1326600968-4123945386-500 - Administrator - Disabled)
Guest (S-1-5-21-1172466162-1326600968-4123945386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1172466162-1326600968-4123945386-1002 - Limited - Enabled)
Steve (S-1-5-21-1172466162-1326600968-4123945386-1000 - Administrator - Enabled) => C:\Users\Steve
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/23/2014 00:10:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/23/2014 00:10:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/21/2014 11:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: install.exe_MicrogamingInstall, version: 16.10.2.1587, time stamp: 0x52f1e0d2
Faulting module name: install.exe, version: 16.10.2.1587, time stamp: 0x52f1e0d2
Exception code: 0xc0000005
Fault offset: 0x0005897d
Faulting process id: 0xe98
Faulting application start time: 0xinstall.exe_MicrogamingInstall0
Faulting application path: install.exe_MicrogamingInstall1
Faulting module path: install.exe_MicrogamingInstall2
Report Id: install.exe_MicrogamingInstall3
 
Error: (10/21/2014 06:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CasinoClassicEU.exe, version: 16.10.2.1587, time stamp: 0x52f1e0d2
Faulting module name: CasinoClassicEU.exe, version: 16.10.2.1587, time stamp: 0x52f1e0d2
Exception code: 0xc0000005
Fault offset: 0x00058980
Faulting process id: 0x25fc
Faulting application start time: 0xCasinoClassicEU.exe0
Faulting application path: CasinoClassicEU.exe1
Faulting module path: CasinoClassicEU.exe2
Report Id: CasinoClassicEU.exe3
 
Error: (10/21/2014 03:29:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/21/2014 03:29:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/20/2014 10:52:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/20/2014 05:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/20/2014 05:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/16/2014 00:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc000000d
Fault offset: 0x00098489
Faulting process id: 0xedc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (10/20/2014 11:45:04 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (10/20/2014 00:59:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error: 
%%1275
 
Error: (10/20/2014 00:59:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/19/2014 08:34:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error: 
%%1275
 
Error: (10/19/2014 08:34:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/19/2014 08:34:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:22:22 on ‎19/‎10/‎2014 was unexpected.
 
Error: (10/19/2014 06:15:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error: 
%%1275
 
Error: (10/19/2014 06:15:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/19/2014 06:15:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:38:22 on ‎19/‎10/‎2014 was unexpected.
 
Error: (10/18/2014 01:25:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
Microsoft Office Sessions:
=========================
Error: (10/23/2014 00:10:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/23/2014 00:10:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu.exe
 
Error: (10/21/2014 11:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: install.exe_MicrogamingInstall16.10.2.158752f1e0d2install.exe16.10.2.158752f1e0d2c00000050005897de9801cfed7b442dd380C:\Microgaming\Casino\casinoclassic EU\install.exeC:\Microgaming\Casino\casinoclassic EU\install.exe98aa6d10-596e-11e4-b229-f10eccde4ef2
 
Error: (10/21/2014 06:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CasinoClassicEU.exe16.10.2.158752f1e0d2CasinoClassicEU.exe16.10.2.158752f1e0d2c00000050005898025fc01cfed575cdd14a0C:\Users\Steve\Downloads\CasinoClassicEU.exeC:\Users\Steve\Downloads\CasinoClassicEU.exee4fbe960-594a-11e4-b229-f10eccde4ef2
 
Error: (10/21/2014 03:29:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/21/2014 03:29:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/20/2014 10:52:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/20/2014 05:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/20/2014 05:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/16/2014 00:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.1245420d868ntdll.dll6.1.7601.177254ec49b8fc000000d00098489edc01cfe8cdbd4b7b30C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dllfbc529b0-54c0-11e4-9c2f-001fc65bac4e
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-27 14:24:10.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:07.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:04.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:01.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:32.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:28.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:25.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:21.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:18.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:15.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ 9500 Quad-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 3070.49 MB
Available physical RAM: 1824.95 MB
Total Pagefile: 8204.97 MB
Available Pagefile: 6315.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:70.82 GB) (Free:3.13 GB) NTFS
Drive d: (HP) (Fixed) (Total:244.14 GB) (Free:61.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:140.52 GB) (Free:23.25 GB) NTFS
Drive f: (FACTORY_IMAGE) (Fixed) (Total:10.27 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.3 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#13 Madforit

Posted 24 October 2014 - 03:37 PM

I also did a new scan with TDSSKiller and it was clean and therefore didn't make a logfile.

Please let me know what you need me to do next,

 

Thanks

 

PS,

The only TDSS logfile I have got is the same one that I have posted above in this thread.



#14 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 24 October 2014 - 04:07 PM

Hello, 
 

I also did a new scan with TDSSKiller and it was clean and therefore didn't make a logfile.

OK. Thank you for letting me know.
 

Please do the following. 

 

CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop.
  • Copy the contents of the log and paste in your next reply.


#15 Madforit

Posted 26 October 2014 - 07:42 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\steve\desktop\all folders\crack\empire.exe
c:\users\steve\desktop\all folders\crack\steam_api.dll
c:\users\steve\desktop\all folders\crack\config\masterservers.vdf
c:\users\steve\desktop\all folders\crack\data\boot.pack
c:\users\steve\desktop\all folders\crack\data\patch.pack
c:\users\steve\desktop\all folders\crack\data\patch_en.pack
c:\users\steve\desktop\all folders\crack\data\sounds_sfx.pack
c:\users\steve\desktop\all folders\crack\data\steam_api.dll
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_1\advice.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_1\export_ep1_advice.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_1\scripting.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_1\startpos.esf
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_3\advice.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_3\export_ep3_advice.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_3\scripting.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_3\startpos.esf
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_5\advice.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_5\export_ep5_advice.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_5\scripting.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\episodic_5\startpos.esf
c:\users\steve\desktop\all folders\crack\data\campaigns\main\scripting.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\main\startpos.esf
c:\users\steve\desktop\all folders\crack\data\campaigns\main_2\scripting.lua
c:\users\steve\desktop\all folders\crack\data\campaigns\main_2\startpos.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episode_one\pathfinding.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episode_one\regions.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\america_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\america_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\pathfinding.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\poi.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\regions.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\sea_grids.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\stratradar_america.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map\trade_routes.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\america_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\america_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\pathfinding.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\poi.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\regions.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\sea_grids.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\stratradar_america.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_2\trade_routes.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\america_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\america_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\pathfinding.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\poi.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\regions.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\sea_grids.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\stratradar_america.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\episodic_map_3\trade_routes.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\america_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\america_lookup.tga.lnk
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\america_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\brazil_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\east_indies_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\east_indies_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\europe_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\europe_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\india_lookup.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\india_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\ivory_coast_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\madagascar_map.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\pathfinding.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\poi.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\regions.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\sea_grids.esf
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_america.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_brazil.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_east_indies.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_europe.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_india.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_ivory_coast.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\stratradar_madagascar.tga
c:\users\steve\desktop\all folders\crack\data\campaign_maps\global_map\trade_routes.esf
c:\users\steve\desktop\all folders\movies\key backups\convertx to dvd + keygen.rar
c:\users\steve\desktop\all folders\movies\key backups\keygen.exe
c:\users\steve\desktop\all music\next show\audio\gimme crack - skulls from the gutter(sr 007).zip
scanner sequence 3.ZZ.11.HMAPMZ
 ----- EOF ----- 




